IACR paper details

In a variety of group-oriented applications cryptographic primitives
like group signatures or ring signatures are valuable methods to
achieve anonymity of group members. However, in their classical form, these schemes cannot be deployed for applications that simultaneously require (i) to avoid centralized management authority like group manager and (ii) the signer to be anonymous only against non-members while group members have rights to trace and identify the signer.
The idea of recently introduced {\it democratic group signatures} is
to provide these properties. Based on this idea we introduce a
group-oriented signature scheme that allows the group members to
trace the identity of any other group member who issued a signature
while non-members are only able to link the signatures issued by the
same signer without tracing. For this purpose the signature scheme
assigns to every group member a unique pseudonym that can be used by any non-member verifier to communicate with the anonymous signer from the group. We present several group-oriented application scenarios where this kind of linkability is essential.
We propose a concrete linkable democratic group signature scheme for
two-parties, prove its security in the random oracle model, and
describe how to modularly extend it to the multi-party case.